Posted to commits@cxf.apache.org by se...@apache.org on 2015/04/09 12:10:57 UTC

cxf git commit: [CXF-6338] Fixing a broken check in JWT bearer AbstractJwtHandler, patch from Jeffrey Samarziya applied, This closes #62

Repository: cxf
Updated Branches:
  refs/heads/master bef3d8408 -> 012b14cd4


[CXF-6338] Fixing a broken check in JWT bearer AbstractJwtHandler, patch from Jeffrey Samarziya applied, This closes #62


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/012b14cd
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/012b14cd
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/012b14cd

Branch: refs/heads/master
Commit: 012b14cd45410fa395e55b682b385b6557c4b5b4
Parents: bef3d84
Author: Sergey Beryozkin <sb...@talend.com>
Authored: Thu Apr 9 11:10:40 2015 +0100
Committer: Sergey Beryozkin <sb...@talend.com>
Committed: Thu Apr 9 11:10:40 2015 +0100

----------------------------------------------------------------------
 .../oauth2/grants/jwt/AbstractJwtHandler.java   |  2 +-
 .../grants/jwt/AbstractJwtHandlerTest.java      | 88 ++++++++++++++++++++
 2 files changed, 89 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/012b14cd/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/jwt/AbstractJwtHandler.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/jwt/AbstractJwtHandler.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/jwt/AbstractJwtHandler.java
index 5b31366..66af402 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/jwt/AbstractJwtHandler.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/jwt/AbstractJwtHandler.java
@@ -45,7 +45,7 @@ public abstract class AbstractJwtHandler extends AbstractGrantHandler {
     
     protected void validateSignature(JoseHeaders headers, String unsignedText, byte[] signature) {
         JwsSignatureVerifier theSigVerifier = getInitializedSigVerifier();
-        if (theSigVerifier.verify(headers, unsignedText, signature)) {    
+        if (!theSigVerifier.verify(headers, unsignedText, signature)) {    
             throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
         }
     }
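Review bot: The corrected `if (!theSigVerifier.verify(...))` line still carries trailing whitespace after the brace, and validateSignature has no Javadoc stating its contract, which matters for a method whose pre-fix form accepted exactly the signatures that failed verification. Add a short header above the method, e.g. `/** Verifies the JWS signature with the configured verifier; throws OAuthServiceException(INVALID_GRANT) when it does not verify. */`, and strip the trailing spaces. Whether getInitializedSigVerifier() can return null is not visible in this hunk; if it can, the call on the next line would NPE rather than reject the grant, so that path deserves its own test.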

http://git-wip-us.apache.org/repos/asf/cxf/blob/012b14cd/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/grants/jwt/AbstractJwtHandlerTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/grants/jwt/AbstractJwtHandlerTest.java b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/grants/jwt/AbstractJwtHandlerTest.java
new file mode 100644
index 0000000..5ee0145
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/grants/jwt/AbstractJwtHandlerTest.java
@@ -0,0 +1,88 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.grants.jwt;
+
+import java.util.Arrays;
+
+import javax.ws.rs.core.MultivaluedMap;
+
+import org.apache.cxf.rs.security.jose.JoseHeaders;
+import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
+import org.apache.cxf.rs.security.oauth2.common.Client;
+import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
+import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
+import org.easymock.EasyMockRule;
+import org.easymock.Mock;
+
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+
+import static org.easymock.EasyMock.expect;
+import static org.easymock.EasyMock.replay;
+import static org.easymock.EasyMock.verify;
+
+import static org.junit.Assert.fail;
+
+public class AbstractJwtHandlerTest {
+    private static final String UNSIGNED_TEXT = "myUnsignedText";
+    private static final byte[] SIGNATURE = "mySignature".getBytes();
+
+    @Rule
+    //CHECKSTYLE:OFF
+    public EasyMockRule rule = new EasyMockRule(this);
+    //CHECKSTYLE:ON
+    private AbstractJwtHandler handler;
+    @Mock
+    private JwsSignatureVerifier signatureVerifier;
+    @Mock
+    private JoseHeaders headers;
+
+    @Before
+    public void setUp() {
+        handler = new AbstractJwtHandler(Arrays.asList("someGrantType")) {
+            @Override
+            public ServerAccessToken createAccessToken(Client client, MultivaluedMap<String, String> params) 
+                throws OAuthServiceException {
+                throw new UnsupportedOperationException("not implemented");
+            }
+        };
+        handler.setJwsVerifier(signatureVerifier);
+    }
+
+    @Test
+    public void testValidateSignatureWithValidSignature() {
+        expect(signatureVerifier.verify(headers, UNSIGNED_TEXT, SIGNATURE)).andReturn(true);
+        replay(signatureVerifier);
+        handler.validateSignature(headers, UNSIGNED_TEXT, SIGNATURE);
+        verify(signatureVerifier);
+    }
+
+    @Test
+    public void testValidateSignatureWithInvalidSignature() {
+        expect(signatureVerifier.verify(headers, UNSIGNED_TEXT, SIGNATURE)).andReturn(false);
+        replay(signatureVerifier);
+        try {
+            handler.validateSignature(headers, UNSIGNED_TEXT, SIGNATURE);
+            fail("OAuthServiceException expected");
+        } catch (OAuthServiceException expected) {
+        }
+        verify(signatureVerifier);
+    }
+}
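Review bot: testValidateSignatureWithInvalidSignature only checks the exception type; the catch block asserts nothing about what was thrown, so a handler raising OAuthServiceException for an unrelated reason would still pass. Since the handler constructs the exception from `OAuthConstants.INVALID_GRANT`, pin it inside the catch with `assertEquals(OAuthConstants.INVALID_GRANT, expected.getMessage());` (assuming the String constructor maps to getMessage(), which should be confirmed against OAuthServiceException), importing `OAuthConstants` and the static `assertEquals`. Separately, `"mySignature".getBytes()` on the SIGNATURE constant uses the platform default charset; prefer `"mySignature".getBytes(StandardCharsets.UTF_8)` so the fixture is identical on every build machine.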